The rise of social media cyber security incidents has been explosive in recent years. According to Cisco, Facebook scam are now the #1 way to breach the network. In the spirit of Halloween, ZeroFOX is looking back at the 5 scariest cyber security incidents we’ve seen on social networks. It ranges from high-profile account hacks to nasty malware distributed via Facebook or Twitter. Boo!

On February 10th, 2015, Delta Airlines was the latest to join the ranks of companies to have their social media accounts hijacked. It’s unclear exactly how the attack went down, but the attackers began posting inappropriate links to some… questionable content. The article, titled “Why Girls Don’t Like to Give Blowjobs,” included a photo of a bowl full of very phallic looking worms. Understandably, a PR crisis ensued.

FireEye recently published a report on a Twitter-happy strain of malware that they’re calling HAMMERTOSS. The malware, disseminated by Russian hacker group APT 29, uses Twitter as a C&C to infect and control its victims. DarkReading described it as “aggressive and relentless.” Scariest of all, HAMMERTOSS was behind one of the highest-level breaches of 2015 — the US Joint Chiefs of Staff’s email servers.

The world of social cyber security incidents started off the year with a bang when CENTCOM’s Twitter and Facebook were hacked by ISIS sympathizers in January. The attack demonstrated ISIS’s ability to strike close to home, and target some very high-level US entities. While the attack was relatively unsophisticated, it had its desired effect: it caused a media explosion, demonstrated security vulnerabilities at the highest of levels, and made for some very embarrassing cyber vandalism. The attack begs the question, what other, more dangerous attacks are possible?

The clickbait attacks that circulates on Facebook get nastier and nastier. We have seen clickbait around Facebook’s dislike button, fake porn, and too-good-to-be-true offers. One of the worst we have seen was the supposedly graphic video or a tragic roller coaster accident that killed 18 people. The video prompts the user to authenticate a fake FOX news app. The app hijacks the victim’s account and further propagates the link. This is a similar type of “spamrun” attack that Twitter CFO Anthony Noto notoriously fell for.

This attack was alarming because of the real-world damage it caused. Attackers hijacked the Associated Press’ Twitter account and tweeted about explosions in the White House. Despite the fact that the AP got control of their account relatively quickly, the errant tweet was enough to drop the Dow Jones Industrial Average by 150 points. The lesson? Social media cyber security incidents can lead to serious financial and brand damage outside of the social world.